Comment by steeve
4 years ago
As the article mentions, on laptops, this is pretty clever. On desktops though...
Perhaps real macs should be equipped with internal batteries to flush to disk in the case of power loss?
I think I heard some enterprise motherboards/controllers/computers did just that, given the upside in normal operation.
These machines are actually low-power enough that you could implement a last-gasp flush mechanism. The Mac Mini already survives 1-2 seconds without AC power (at least if idle). You could plausibly detect AC power being yanked and immediately power down all downstream USB/TB3 devices and the display (on iMacs), freeze all CPUs into idle, and have plenty enough reservoir cap to let NVMe issue a flush.
But they aren't doing that. I tested it on the Mac Mini. It loses several seconds of fsync()ed data on hard shutdown.
This does require a last-gasp indication from the PSU to the rest of the system, so if they don't have that, it's not something they could add in a firmware update.
I mean the ATX standard has this signal built in, so Apple could just copy it:
https://en.wikipedia.org/wiki/Power_good_signal
> The ATX specification requires that the power-good signal ("PWR_OK") go high no sooner than 100 ms after the power rails have stabilized, and remain high for 16 ms after loss of AC power, and fall (to less than 0.4 V) at least 1 ms before the power rails fall out of specification (to 95% of their nominal value).
I don't think that quite works for the purpose. What you'd want is a second signal that goes low as soon as possible after loss of AC power.
My reading here is that PWR_OK going low is an indication that the PSU has stopped providing good power, and the CPU must shut down immediately, or it might miscompute something due to low voltage. At this point you absolutely don't want to do any last-minute writing, you'd be risking corruption.
What you need here is an early warning signal that you can react to while the PSU is still coasting on the internal capacitors.
4 replies →
>But they aren't doing that. I tested it on the Mac Mini. It loses several seconds of fsync()ed data on hard shutdown.
That's unfortunate. My Mac Mini crashes every other night during sleep. I guess I'm going to have to shut it down to avoid any data corruption.
It should be flushing the drive cache on sleep. This is mostly an issue for sudden AC power loss.
1 reply →
Why does it crash? Mac Minis are some of the most reliable machines on the market, in my experience. Maybe a faulty unit?
4 replies →
Even on laptops I feel uncomfortable. My macOS freezes or kernel panics on me from time to time.
I believe the NVMe driver has a kernel panic hook; I would hope it is used to issue a flush.
OTOH, if you have watchdog timeouts (I've seen this from bad drivers), those would certainly not give the kernel a chance to do that.
What would you implement in Asahi? Would you follow Apple's approach and defer flushes, implementing a kernel panic hook and having some kind of F_FULLFSYNC or just keep Linux' current implementation?
5 replies →
Oh geez, deliberately issuing commands to storage after your kernel panics? It just keeps getting better :(
>Perhaps real macs should be equipped with internal batteries to flush to disk in the case of power loss?
Or just add a UPS?
Does disk gets flushed in case of kernel panic?
How exactly this is clever? Maybe on some toy, not on workstation!